| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Usenet -> c.d.o.server -> Re: Owarepl : Is this a bug or feature?
tkyte_at_us.oracle.com (Thomas Kyte) writes:
>(i think you mean GET in the above, with GET query_string is set, with POST we
>read from stdin)
I actually meant POST. I know when using GET owarepl does forward the query string. I was hoping that owarepl did something like for POST also. But looking at the code it looks like it should be fairly easy to change this.
...
>You need to figure out what logon is being used with your DCD to see what tables
>are accessible. If you are using a DCD that gets its logon from the owa.cfg,
>its the tables that user can see. If you are using a DCD that gets its
>logon/password from the user at runtime using basic authentication, then its
>that users list of accessible tables you will see.
I am using a DCD that gets its login from owa.cfg. Am I correct in assuming that all objects that this user has access to are available to users connecting through owarepl?
>the big difference between the oracle tag and just running a procedure is that
>ROLES are active with the oracle tag but not so with the procedure (roles are
>never active in a procedure). For example, try this:
>create procedure show_count_of_tables
>is
> l_n number;
>begin
> select count(*) into l_n from all_objects;
> htp.p( 'We see ' || l_n || ' things' );
>end;
>Run that from the web and see how many objects your procedure can see. Then,
>create a page:
I ran it and it can apparently see 751 objects.
>....
><oracle>
>declare
> l_n number;
>begin
> select count(*) into l_n from all_objects;
> htp.p( 'We see ' || l_n || ' things' );
>end;
></oracle>
>....
>Now, since roles are enabled, you'll 'see' more stuff.
Thanks for your patience, however I am still a little confused. I was under the impression that people using owarepl, to connect to my Oracle instance can only execute stored procedures that are present in the my schema. I am the user whose login/passwd information is in owa.cfg. Does this mean that Oracle tag allows visitors to write their own procedures and submit them through owarepl?
I tried using the Oracle tag but am unable to get owarepl to read a plain
html file.
http://localhost/cgi-bin/owarepl/index.html results in the following error :
ORA-04044: procedure, function, or package is not allowed here and
http://localhost/cgi-bin/owassi/index.html gives the following :
Premature end of script headers
This is running under Apache. And access to http://localhost/index.html works without a problem. Also http://localhost/cgi-bin/showenv and other procedures work as expected.
P.S. After compiling the owarepl I noticed the owarepl.so library file in the solbin directory and was wondering if I need to move it around. And what purpose does it serve?
Thanks a million again.
Atif Khan
aak2_at_ra.msstate.edu
Received on Mon Jun 23 1997 - 00:00:00 CDT
 |
 |